@CloudExpo Authors: Yeshim Deniz, Elizabeth White, Pat Romanski, Liz McMillan, Zakia Bouachraoui

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Containers Expo Blog, Agile Computing, Cloud Security

@CloudExpo: Article

Gartner Highlights the Importance of Third-Party Validation

Solution providers that offer unified cloud security platforms

By Gerry Grealish
PerspecSys Vice President of Marketing & Products

Gartner recently published a report that highlights the growing importance of Cloud Access Security Brokers - solution providers that offer unified cloud computing security platforms. This solution category includes a new class of products that Gartner terms Cloud Encryption Gateways, which encrypt or tokenize sensitive information before it leaves an organization's firewall. These solutions, if designed properly, allow organizations to maintain control of sensitive data since they replace the original "clear-text" values with indecipherable replacement values in the cloud. Businesses are adopting these solutions to address issues raised by data residency requirements and data privacy regulations driven by a host of industry compliance mandates. In addition to enabling organizations to satisfy the data protection needs, products like those from PerspecSys also preserve the user experience with the SaaS application (such as Salesforce.com or Oracle CRM). With PerspecSys, critical functionality like Search is retained even when strong encryption (e.g., FIPS 140-2 validated modules) or tokenization is used to protect the data being sent to the cloud.

Gartner highlights the importance of using strong tokenization capabilities that have been evaluated by an independent third party. Practitioners from the payment card industry, where I spent quite a few years, are very familiar with this requirement. The Payment Card Industry (PCI) Security Standards Council established important standards for tokenization and created a program whereby certified QSAs (Qualified Security Assessors) perform audits to ensure merchants and technology providers are conforming to guidelines. Coalfire, a well-known and respected independent QSA and FedRAMP 3PAO advisory firm, evaluated the PerspecSys Cloud Data Protection Gateway against the PCI Security Standards Committee PCI DSS tokenization guidelines. Coalfire found that the PerspecSys solution met or exceeded all of the applicable guidelines. The summary of the evaluation report is available at: http://www.perspecsys.com/coalfire-assessment-summary-report.

Enterprises should make sure the providers they depend on to satisfy regulatory compliance or strict data privacy and residency requirements can deliver on the expected results. One way is to look for assessments from third parties like I referenced above. Well-qualified independent auditors that use established testing and evaluation criteria can validate that solutions are doing what providers say they do. This type of assessment ought to be a no-brainer for the technology providers and is something that enterprises should expect. The history of IT security is full of products that had strong certifications (and sometimes weaker certifications passed off as strong) but were so flawed in their implementations that the net security effect was nil. Security solutions take resources to implement properly, so enterprises need to ensure they are not wasting time and money implementing something that only "looked good in a demo." Third party validation of the solution is therefore a must.

What else? Well, it may seem intuitive, but another important step is to look for products that use well-vetted and accepted industry approaches. For example, within the PerspecSys solution, we made great efforts to ensure that our customers could use industry-standard cryptographic modules that they have approved based on internally established screening criteria as well as external benchmarks, such as NIST FIPS 140-2 validation. When we initially began designing our solution, we considered developing a proprietary encryption algorithm that would make it simpler for us to preserve SaaS application functionality such as "Searching" and "Sorting" on data that was encrypted inside of the cloud. Creation of such an algorithm requires the designer to tweak and modify ("weaken") a strong algorithm in order to get the desired result. But when we considered the long-term ramifications of this approach, we understood that it ran completely counter to what enterprise security organizations would (and should) expect from a solution meant to protect their most sensitive business data. Standards-based security, robust and scalable, without exception - this continues to be a central design principle that enterprise security professionals require, and what we deliver as evidenced by the award-winning PerspecSys Cloud Data Protection Gateway.

Read the original blog entry...

PerspecSys Inc. is a leading provider of cloud data security and SaaS security solutions that remove the technical, legal and financial risks of placing sensitive company data in the cloud. PerspecSys accomplishes this for many large, heavily regulated companies by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. Based in Toronto, PerspecSys Inc. is a privately held company backed by investors that include Intel Capital and GrowthWorks.

More Stories By Gerry Grealish

Gerry Grealish is Vice President, Marketing & Products, at PerspecSys. He is responsible for defining and executing PerspecSys’ marketing vision and driving revenue growth through strategic market expansion and new product development. Previously, he ran Product Marketing for the TNS Payments Division, helping create the marketing and product strategy for its cloud-based payment gateway and tokenization/encryption security solutions. He has held senior marketing and leadership roles for venture-backed startups as well as F500 companies, and his industry experience includes enterprise analytical software, payment processing and security services, and marketing and credit risk decisioning platforms.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

CloudEXPO Stories
Andi Mann, Chief Technology Advocate at Splunk, is an accomplished digital business executive with extensive global expertise as a strategist, technologist, innovator, marketer, and communicator. For over 30 years across five continents, he has built success with Fortune 500 corporations, vendors, governments, and as a leading research analyst and consultant.
Most DevOps journeys involve several phases of maturity. Research shows that the inflection point where organizations begin to see maximum value is when they implement tight integration deploying their code to their infrastructure. Success at this level is the last barrier to at-will deployment. Storage, for instance, is more capable than where we read and write data. In his session at @DevOpsSummit at 20th Cloud Expo, Josh Atwell, a Developer Advocate for NetApp, will discuss the role and value extensible storage infrastructure has in accelerating software development activities, improve code quality, reveal multiple deployment options through automated testing, and support continuous integration efforts. All this will be described using tools common in DevOps organizations.
"When you think about the data center today, there's constant evolution, The evolution of the data center and the needs of the consumer of technology change, and they change constantly," stated Matt Kalmenson, VP of Sales, Service and Cloud Providers at Veeam Software, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like "How is my application doing" but no idea how to get a proper answer.
Today, we have more data to manage than ever. We also have better algorithms that help us access our data faster. Cloud is the driving force behind many of the data warehouse advancements we have enjoyed in recent years. But what are the best practices for storing data in the cloud for machine learning and data science applications?